Culture, Vulnerabilities and Budget: Why Devs and AppSec Disagree


Developers and security professionals are often in conflict, and this state of affairs is not going to change anytime soon, in this author’s opinion. Now here are some facts about the current state of affairs.

The Ponemon Institute conducted two surveys sponsored by ZeroNorth in May and June of 2020, one of 581 application security (AppSec) professionals and another of 549 application developers. Three-quarters of the AppSec respondents believe there is a cultural divide between them and developers, while only 49% of developers feel the same way towards the AppSec function. The difference in opinion is not because DevSecOps has taken hold among developers; adoption is almost the same among both respondent categories.

Almost half (48%) of developers have bought into the idea that their organization is actively working to help developers and security teams work together. At 32%, AppSec is more skeptical. One has to wonder, is this because corporate leadership isn’t doing anything, or are security pros jaded by past experience? Developers are more optimistic about a raft of other security topics, most notably application vulnerabilities.

Compared to AppSec professionals, developers are significantly less likely (39% vs 60%) to believe application security risk at their organization has increased. At the core of the matter, AppSec professionals think the development team is difficult to work with because they push code with known vulnerabilities, with many also complaining that developers accept flaws if they believe an app will be a big seller. Whether or not developers are actually pushing a lot of serious vulnerabilities is up for debate, but their self-perception is incredibly different from that of their AppSec peers: only 27% of developers say code is frequently being published with known vulnerabilities, compared to the 57% of application security specialists who estimate likewise.
